Display System Log Files
Display a Log File from a Single-Chassis System
To display a log file stored on a single-chassis system, enter Junos OS CLI operational mode and issue either of the following commands:
user@host> show log log-filename user@host> file show log-file-pathname
By default, the commands display the file stored on the local
Routing Engine. To display the file stored on a particular Routing
Engine, prefix the file or pathname with the string re0 or re1 and a colon.
The following examples both display the /var/log/messages file stored on the Routing Engine in slot 1:
user@host> show log re1:messages user@host> file show re1:/var/log/messages
For information about the fields in a log message, see Interpreting Messages Generated in Standard Format by a Junos OS Process or Library, Interpreting Messages Generated in Standard Format by Services on a PIC, and Interpreting Messages Generated in Structured-Data Format. For examples, see Log File Sample Content.
Log File Sample Content
This topic contains sample content from the /var/log directory. You can display the contents of the /var/log/messages file stored on the local Routing Engine. (The /var/log directory is the default location for log files, so you do not need to include it in the filename. The messages file is a commonly configured destination for system log messages.)
In Junos OS Evolved, the messages file is only written on the primary Routing Engine. Backup Routing Engine messages are found in the messages file on the primary Routing Engine.
user@host> show log messages Apr 11 10:27:25 router1 mgd[3606]: UI_DBASE_LOGIN_EVENT: User 'barbara' entering configuration mode Apr 11 10:32:22 router1 mgd[3606]: UI_DBASE_LOGOUT_EVENT: User 'barbara' exiting configuration mode Apr 11 11:36:15 router1 mgd[3606]: UI_COMMIT: User 'root' performed commit: no comment Apr 11 11:46:37 router1 mib2d[2905]: SNMP_TRAP_LINK_DOWN: ifIndex 82, ifAdminStatus up(1), ifOperStatus down(2), ifName at-1/0/0
You can display the contents of the file /var/log/processes, which has been previously configured to include messages from the daemon facility. When issuing the file show command,
you must specify the full pathname of the file:
user@host> file show /var/log/processes Feb 22 08:58:24 router1 snmpd[359]: SNMPD_TRAP_WARM_START: trap_generate_warm: SNMP trap: warm start Feb 22 20:35:07 router1 snmpd[359]: SNMPD_THROTTLE_QUEUE_DRAINED: trap_throttle_timer_handler: cleared all throttled traps Feb 23 07:34:56 router1 snmpd[359]: SNMPD_TRAP_WARM_START: trap_generate_warm: SNMP trap: warm start Feb 23 07:38:19 router1 snmpd[359]: SNMPD_TRAP_COLD_START: trap_generate_cold: SNMP trap: cold start
You can display the contents of the file /var/log/processes when the explicit-priority statement is included at the
[edit system syslog file processes] hierarchy level:
user@host> file show /var/log/processes Feb 22 08:58:24 router1 snmpd[359]: %DAEMON-3-SNMPD_TRAP_WARM_START: trap_generate_warm: SNMP trap: warm start Feb 22 20:35:07 router1 snmpd[359]: %DAEMON-6-SNMPD_THROTTLE_QUEUE_DRAINED: trap_throttle_timer_handler: cleared all throttled traps Feb 23 07:34:56 router1 snmpd[359]: %DAEMON-3-SNMPD_TRAP_WARM_START: trap_generate_warm: SNMP trap: warm start Feb 23 07:38:19 router1 snmpd[359]: %DAEMON-2-SNMPD_TRAP_COLD_START: trap_generate_cold: SNMP trap: cold start
Warning Message Support for Throughput Overuse:
The SRX4100 device supports up to 20 Gbps and 7 Mpps of Internet
mix (IMIX) firewall performance. When IMIX throughput exceeds 20 Gbps
and 7 Mpps on an SRX4100 device, new log messages are logged. These
log messages remind you that there is throughput overuse. You can
see the following sample log messages when you issue the show
log messages command.
user@host> show log messages Apr 25 14:01:12 user Throughput exceed 20Gbps and 7Mpps in 35% of last 15 minutes, above the time threshold 10%! Apr 25 14:16:12 user Throughput exceed 20Gbps and 7Mpps in 95% of last 15 minutes, above the time threshold 10%!
As a reminder of throughput overuse, every 15 minutes the system calculates how many minutes the throughout has exceeded 20 Gbps and 7 Mpps. The system triggers a log message if the throughput has exceeded more than 1 minute, 30 seconds (10%) of the last 15 minutes. For example, suppose you see the following log message:
Throughput exceed 20 Gbps and 7 Mpps in 35% of last 15 minutes, above the time threshold 10%!
It means your throughput has exceeded 20 Gbps and 7 Mpps for 5 minutes, 15 seconds of the last 15 minutes (35% of 15 minutes) that triggered the log message.
To turn off this log message, we recommend that you bring down the throughput level below 20 Gbps and 7 Mpps or install the enhanced performance upgrade license.
This feature requires a license. Please refer to the Juniper Licensing Guide for general information about License Management. Please refer to the product Data Sheets at SRX Series Services Gateways for details, or contact your Juniper Account Team or Juniper Partner.
Display a Log File from a Routing Matrix
One way to display a log file stored on the local Routing Engine
of any of the individual platforms in a routing matrix (T640 routing
nodes or TX Matrix platform) is to log in to a Routing Engine on the
platform, enter Junos OS CLI operational mode, and issue the show log or file show command described in Displaying a Log File from a Single-Chassis System.
To display a log file stored on a T640 routing node during a
terminal session on the TX Matrix platform, issue the show log or file show command and add a prefix that specifies
the T640 routing node’s LCC index number as lccn, followed by
a colon. The index can be from 0 (zero) through 3:
user@host> show log lccn:log-filename user@host> file show lccn:log-file-pathname
By default, the show log and file show commands display the specified log file stored on the primary Routing
Engine on the T640 routing node. To display the log from a particular
Routing Engine, prefix the file- or pathname with the string lccn-primary, lccn-re0, or lccn-re1, followed by a colon. The
following examples all display the /var/log/messages file stored on the primary Routing Engine (in slot 0) on routing
node LCC2:
user@host> show log lcc2:messages user@host> show log lcc2-master:messages user@host> show log lcc2-re0:messages user@host> file show lcc2:/var/log/messages
If the T640 routing nodes are forwarding messages to the TX Matrix platform (as in the default configuration), another way to view messages generated on a T640 routing node during a terminal session on the TX Matrix platform is simply to display a local log file. However, the messages are intermixed with messages from other T640 routing nodes and the TX Matrix platform itself. For more information about message forwarding, see Impact of Different Local and Forwarded Severity Levels on System Log Messages on a TX Matrix Router.
For information about the fields in a log message, see Interpreting Messages Generated in Structured-Data Format, Interpreting Messages Generated in Standard Format by Services on a PIC, and Interpreting Messages Generated in Standard Format by a Junos OS Process or Library. For examples, see Log File Sample Content.
Display MD5 Log Files
On Junos OS,
When MD5 configured on local but not on peer device,
Apr 16 21:49:52 R1_re kernel: tcp_auth_ok: Packet from 2.2.2.2:52848 missing MD5 digest
When MD5 configured on peer but not on local device,
Apr 16 21:51:30 R1_re kernel: tcp_auth_ok: Packet from 2.2.2.2:54049 unexpectedly has MD5 digest
When MD5 is configured on both the routers and there is authentication password mismatch, the following log is displayed:
Apr 16 21:51:58 R1_re kernel: tcp_auth_ok: Packet from 2.2.2.2:54049 wrong MD5 digest
On Junos OS Evolved,
When TCP MD5 authentication is configured on local but not on peer device, the log messages are not available.
When TCP MD5 authentication is configured on peer but not on local device, the log messages are not available.
When MD5 is configured on both the routers and there is authentication password mismatch, the following log is displayed:
Apr 16 21:41:22 vScapa1-RE0-re0 kernel: %KERN-6-TCP: MD5 Hash failed for (2.2.2.2, 39213)->(1.1.1.1, 179)